Sessions: Only show part of the session ID
This commit is contained in:
parent
c06cb767da
commit
40b93e3d8b
|
@ -16,7 +16,7 @@ class SessionFactory extends Factory
|
|||
public function definition(): array
|
||||
{
|
||||
return [
|
||||
'id' => $this->faker->lexify('??????????'),
|
||||
'id' => $this->faker->lexify('????????????????????????????????'),
|
||||
'payload' => $this->faker->text(100),
|
||||
'user_id' => $this->faker->optional()->passthrough(User::factory()),
|
||||
];
|
||||
|
|
|
@ -34,14 +34,14 @@
|
|||
{% for session in sessions %}
|
||||
<tr>
|
||||
<td>
|
||||
<pre>{{ session['id'] }}</pre>
|
||||
<pre>{{ session.id[:15] }}…</pre>
|
||||
</td>
|
||||
<td>{{ session.last_activity.format(__('Y-m-d H:i:s')) }}</td>
|
||||
<td>
|
||||
{% if session.id != current_session %}
|
||||
<form action="" enctype="multipart/form-data" method="post">
|
||||
{{ csrf() }}
|
||||
{{ f.hidden('id', session.id) }}
|
||||
{{ f.hidden('id', session.id[:15]) }}
|
||||
{{ f.submit(
|
||||
__('form.delete'),
|
||||
{'name': 'delete', 'btn_type': 'danger', 'size': 'sm', 'icon_left': 'trash'}
|
||||
|
|
|
@ -307,7 +307,10 @@ class SettingsController extends BaseController
|
|||
->where('id', '!=', session()->getId());
|
||||
|
||||
if ($id != 'all') {
|
||||
$query = $query->where('id', $id);
|
||||
$this->validate($request, [
|
||||
'id' => 'required|alnum|length:15:15',
|
||||
]);
|
||||
$query = $query->where('id', 'LIKE', $id . '%');
|
||||
}
|
||||
|
||||
$query->delete();
|
||||
|
|
|
@ -14,6 +14,7 @@ use Engelsystem\Http\Response;
|
|||
use Engelsystem\Models\Session as SessionModel;
|
||||
use Engelsystem\Models\User\License;
|
||||
use Engelsystem\Models\User\Settings;
|
||||
use Illuminate\Support\Str;
|
||||
use PHPUnit\Framework\MockObject\MockObject;
|
||||
use Symfony\Component\HttpFoundation\Session\Session;
|
||||
use Engelsystem\Helpers\Authenticator;
|
||||
|
@ -619,7 +620,7 @@ class SettingsControllerTest extends ControllerTest
|
|||
$this->setExpects($this->response, 'redirectTo', ['http://localhost/settings/sessions'], $this->response);
|
||||
|
||||
// Delete old user session
|
||||
$this->request = $this->request->withParsedBody(['id' => $this->secondSession->id]);
|
||||
$this->request = $this->request->withParsedBody(['id' => Str::substr($this->secondSession->id, 0, 15)]);
|
||||
$this->controller->sessionsDelete($this->request);
|
||||
|
||||
$this->assertHasNotification('settings.sessions.delete_success');
|
||||
|
@ -636,7 +637,7 @@ class SettingsControllerTest extends ControllerTest
|
|||
$this->setExpects($this->response, 'redirectTo', null, $this->response);
|
||||
|
||||
// Delete active user session
|
||||
$this->request = $this->request->withParsedBody(['id' => $this->currentSession->id]);
|
||||
$this->request = $this->request->withParsedBody(['id' => Str::substr($this->currentSession->id, 0, 15)]);
|
||||
$this->controller->sessionsDelete($this->request);
|
||||
|
||||
$this->assertCount(4, SessionModel::all()); // None got deleted
|
||||
|
@ -652,7 +653,7 @@ class SettingsControllerTest extends ControllerTest
|
|||
$this->setExpects($this->response, 'redirectTo', null, $this->response);
|
||||
|
||||
// Delete another users session
|
||||
$this->request = $this->request->withParsedBody(['id' => $this->otherSession->id]);
|
||||
$this->request = $this->request->withParsedBody(['id' => Str::substr($this->otherSession->id, 0, 15)]);
|
||||
$this->controller->sessionsDelete($this->request);
|
||||
|
||||
$this->assertCount(4, SessionModel::all()); // None got deleted
|
||||
|
|
Loading…
Reference in New Issue